php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73127 gost-crypto hash incorrect if input data contains long 0xFF sequence
Submitted: 2016-09-20 12:11 UTC Modified: -
Votes:6
Avg. Score:4.2 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:6 (100.0%)
From: grundik at ololo dot cc Assigned:
Status: Closed Package: hash related
PHP Version: 7.0.11 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: grundik at ololo dot cc
New email:
PHP Version: OS:

 

 [2016-09-20 12:11 UTC] grundik at ololo dot cc
Description:
------------
If input data contains long sequence of 0xFF bytes (40+ bytes), then calculated hash using gost-crypto algorithm becomes incorrect. That affects at least these functions:
* hash;
* hash_file;
* hash_stream.

Test script:
---------------
$test = str_repeat("\xFF", 40);
echo hash('gost-crypto', $test);


Expected result:
----------------
231d8bb980d3faa30fee6ec475df5669cf6c24bbce22f46d6737470043a99f8e

Actual result:
--------------
8e0be2995864c40f8111feaa9df6fc4830632fdf61e365d9feca87f1e485d1f7

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-10-31 15:17 UTC] iofeed at yandex dot ru
This problem is easily reproduced when you try to create hash for an XLS file.
 [2017-02-03 09:13 UTC] grundik at ololo dot cc
Same issue in gost hash:

Test script:
---------------
$test = str_repeat("\xFF", 40);
echo hash('gost', $test);


Expected result:
----------------
9eaf96ba62f90fae6707f1d4274d1a9d6680f5a121d4387815aa3a6ec42439c5

Actual result:
--------------
140da043c3c8c9355b73de375ba23ce82cd0aa7c2ba334a25b7058fbe3efaba2
 [2017-02-03 12:54 UTC] grundik at ololo dot cc
Examples of tools, which gives correct output for gost-crypto algorithm:
* openssl with GOST engine: "openssl dgst -engine gost -md_gost94 -hex <file>";
* rhash: "rhash --gost-cryptopro <file>" (or "rhash --gost <file>" for "gost" S-blocks);
* CryptoPro CSP: "cryptcp -hash <file>".
 [2017-02-24 22:23 UTC] nikic@php.net
Automatic comment on behalf of grundik@ololo.cc
Revision: http://git.php.net/?p=php-src.git;a=commit;h=eac8166bd468a3c7c00b5163f6f86804911b660d
Log: Fix bug #73127
 [2017-02-24 22:23 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 10 09:01:27 2024 UTC